At around 20 people, your IT needs shift. You are past the point where someone who is "good with computers" can keep things running in their spare time. But you are not big enough to justify a full-time IT person. This is the sweet spot for managed IT support, and it is where a lot of Somerset businesses find themselves.
Here is a realistic look at what you actually need at this size, what you can probably skip, and what it should cost.
What a typical 20-person setup looks like
Most offices this size have a fairly standard setup. Microsoft 365 for email and documents. A handful of cloud-based line-of-business apps, maybe an accounting package like Xero or Sage, a CRM, or some industry-specific software.
Hardware-wise, you are probably looking at a dozen laptops, a few desktops, a multifunction printer or two, and some basic networking kit. Some offices still have a server on-site, usually for file storage or running an older application that has not moved to the cloud yet.
Nothing complicated. But enough moving parts that when something goes wrong, it can affect the whole team.
What you genuinely need
At 20 users, your IT support needs to cover the basics properly before anything else. Get these right and most of your day-to-day problems disappear.
Endpoint protection. Every device needs proper antivirus and anti-malware software. Not the free stuff that came with Windows. A managed solution that gets monitored centrally, so if something flags up on one machine, someone actually sees it and responds.
Backup. Your data needs to be backed up, and those backups need to be tested. This means M365 data (yes, Microsoft does not fully back up your mailbox and OneDrive by default), any on-site server data, and anything in cloud apps that matters. If you cannot answer "how quickly could we recover from a ransomware attack?" then your backup is not good enough.
Patching. Windows updates, application updates, firmware updates. These close security holes. Leaving them undone is the single easiest way to get compromised. A managed IT provider should be handling this monthly at minimum, with critical patches applied faster.
A helpdesk. Your staff need someone to call or email when something breaks. Response time matters here. For a 20-person office, if one person cannot work for half a day because their laptop will not connect to the printer, that is real lost productivity.
A properly configured firewall. Most offices have a firewall, but a surprising number have one that was set up years ago and never touched since. It should have up-to-date firmware, proper rules in place, and someone reviewing the logs. A firewall that is just plugged in and forgotten is barely better than not having one.
What you probably do not need yet
The IT industry loves to upsell. At 20 users, there are some things that sound important but are either overkill or premature for your size.
A full Security Operations Centre (SOC). These are 24/7 monitoring services that watch your network traffic and endpoints for threats. Useful for larger organisations or those in regulated industries, but at 20 users the cost is hard to justify. Good endpoint protection and a well-configured firewall cover most of the same ground.
SIEM (Security Information and Event Management). This collects and analyses logs from across your network to spot threats. It is powerful, but it requires someone skilled to manage it. At this size, it is a cost you do not need.
A dedicated virtual CIO (vCIO). Some MSPs offer a senior technology advisor who meets with you quarterly to plan strategy. At 20 users, a good account manager who understands your business and flags upcoming needs is usually sufficient. You do not need a formal vCIO engagement.
None of these are bad services. They are just things you can grow into later if your business needs them.
What should it cost?
For a managed IT service covering the essentials listed above, most Somerset businesses with around 20 users are looking at somewhere between £800 and £1,600 per month. That works out to roughly £40 to £80 per user.
The lower end gets you reactive support with basic monitoring. The higher end includes proactive maintenance, regular reviews, faster response times, and more comprehensive security.
Be wary of quotes that are significantly cheaper. They usually mean something has been left out, like backup, security software, or on-site visits. And be wary of quotes that are much higher unless they include hardware, software licensing, or something specific that justifies the extra cost.
Always ask what is included and what costs extra. Common extras include on-site visits, new user setup, hardware procurement, and project work like office moves or server upgrades.
In-house IT person vs outsourced
At 20 users, this question comes up a lot. Could you just hire someone?
You could. But think about what that looks like in practice. One IT person covers your office during their working hours. When they are on holiday, sick, or at lunch, you have no cover. When they hit a problem outside their skill set, maybe a tricky networking issue or a security incident, there is nobody to escalate to.
A single IT hire is also a single point of failure. They know how everything is set up because they set it up. If they leave, that knowledge walks out the door with them unless they have been very disciplined about documentation (and most are not).
An outsourced provider gives you a team. Multiple engineers with different specialties. Cover during holidays and sick days. Established processes for documentation and monitoring. And it usually costs less than a full-time salary when you factor in employer NI, pension, training, and tools.
At 20 users, outsourced almost always makes more financial and practical sense. The tipping point where in-house starts making sense is usually around 50 users, and even then many businesses go with a co-managed model where they have one internal person backed by an external provider.
Getting it right
If you are running a 20-person office in Somerset and your IT feels a bit held together with string, you are not alone. Most businesses this size are in the same position. The fix is not complicated. Get the fundamentals covered properly, do not overspend on things you do not need yet, and work with a provider who actually understands your size of business rather than trying to sell you enterprise solutions.